(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The EU funded European Network and Information Security Agency (ENISA) issued, on 27 January 2009, its Position Paper on security features in European eID schemes, showing a large disparity between the various systems which might affect their usefulness.

The paper is an analysis of 10 ID card systems already used in EU and 13 under development. The eID cards are presently used mainly in relation to tax declarations and other e-Gov services with some applications in the commercial sector as well, but their application will largely extend in the future. The study shows that Europe has no coordinated strategy to protect the private data stored on the cards which leads to their lack of interoperability and to reluctance in accepting them by potential users. "Privacy features have been developed, implemented and tested at a national level and there is no co-ordinated strategy at a European level as to which features should be implemented and how they should be implemented. (...) The lack of co-ordination is an important obstacle to any possible cross-border interoperability of eID card schemes. (...) (This is) important in order to create the necessary trust in the users of such schemes - any cross-border scheme only offers as much protection as its weakest participating member: If just one participating country offers what is generally considered to be inadequate privacy protection, the citizens of the other countries are not likely to accept any cross-border interoperability scheme which puts their data at more risk than their national scheme."

ENISA report shows that the lack of coordination in privacy controls all over these systems will affect the usefulness of the cards. "Privacy is an area where the member states' approaches differ a lot and European eID will not take off unless we get this right. Europe needs to reflect on eID privacy and its role in the interoperability puzzle. The fundamental human right to privacy must be guaranteed for all European eID card holders," said ENISA executive director Andrea Pirotti.

The paper presents the implementation of privacy-enhancing technologies in existing and planned European eID card specifications, analyses in detail eleven risks to personal privacy resulting from the use of national schemes and lists eight practicable techniques available to address and solve these risks. The present situation of privacy features available for the existing cards is shown by means of eight comparison charts that can represent a good reference in the identification of best practices in the domain.

"A lot of very practical techniques exist to protect the citizen's privacy and, from the survey of available techniques in this paper, it is possible to identify a set of best practice guidelines for the protection of personal data in national eID card schemes," says the report.

ENISA report was designed to give policymakers the information necessary to improve the present situation, providing a first comprehensive overview of the status in Europe.

Citizen data protection in focus - ENISA on privacy in national eID cards: Europe needs a strategy (3.02.2009)
http://enisa.europa.eu/pages/02_01_press_2009_02_3_privacy_features_eI...

ENISA Position Paper: Privacy Features of Europen eID card specifications (27.01.2009)
http://enisa.europa.eu/doc/pdf/deliverables/enisa_privacy_features_eID...

Disparate privacy features devalue ID cards, warns EU security agency (5.02.2009)
http://www.out-law.com//default.aspx?page=9771